Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(125)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/builtins.cc

Issue 14846017: Becuase of cross-context calls, hydrogen-based Array constructor needs to ensure (Closed) Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Patch Set: Ports, and turned off flag Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « src/arm/code-stubs-arm.cc ('k') | src/code-stubs.h » ('j') | src/code-stubs-hydrogen.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/builtins.cc
diff --git a/src/builtins.cc b/src/builtins.cc
index 149a6492621aaa0a88dee1c4eb725b7e9331d437..47b5bc8bda6a3aa9478ff23adb881d73823b7939 100644
--- a/src/builtins.cc
+++ b/src/builtins.cc
@@ -194,55 +194,58 @@ BUILTIN(EmptyFunction) {
}
-#define CONVERT_ARG_STUB_CALLER_ARGS(name) \
- Arguments* name = reinterpret_cast<Arguments*>(args[0]);
-
-
RUNTIME_FUNCTION(MaybeObject*, ArrayConstructor_StubFailure) {
- CONVERT_ARG_STUB_CALLER_ARGS(caller_args);
- ASSERT(args.length() == 2);
- Handle<Object> type_info = args.at<Object>(1);
+ // If we get 2 arguments then they are the stub parameters (constructor, type
+ // info). If we get 3, then the first one is a pointer to the arguments
+ // passed by the caller.
+ Arguments empty_args(0, NULL);
+ bool no_caller_args = args.length() == 2;
+ ASSERT(no_caller_args || args.length() == 3);
+ int parameters_start = no_caller_args ? 0 : 1;
+ Arguments* caller_args = no_caller_args
+ ? &empty_args
+ : reinterpret_cast<Arguments*>(args[0]);
+ Handle<JSFunction> constructor = args.at<JSFunction>(parameters_start);
+ Handle<Object> type_info = args.at<Object>(parameters_start + 1);
- JSArray* array = NULL;
bool holey = false;
if (caller_args->length() == 1 && (*caller_args)[0]->IsSmi()) {
int value = Smi::cast((*caller_args)[0])->value();
holey = (value > 0 && value < JSObject::kInitialMaxFastElementArray);
}
+ JSArray* array;
MaybeObject* maybe_array;
- if (*type_info != isolate->heap()->undefined_value()) {
+ if (*type_info != isolate->heap()->undefined_value() &&
+ JSGlobalPropertyCell::cast(*type_info)->value()->IsSmi()) {
JSGlobalPropertyCell* cell = JSGlobalPropertyCell::cast(*type_info);
- if (cell->value()->IsSmi()) {
- Smi* smi = Smi::cast(cell->value());
- ElementsKind to_kind = static_cast<ElementsKind>(smi->value());
- if (holey && !IsFastHoleyElementsKind(to_kind)) {
- to_kind = GetHoleyElementsKind(to_kind);
- // Update the allocation site info to reflect the advice alteration.
- cell->set_value(Smi::FromInt(to_kind));
- }
-
- AllocationSiteMode mode = AllocationSiteInfo::GetMode(to_kind);
- if (mode == TRACK_ALLOCATION_SITE) {
- maybe_array = isolate->heap()->AllocateEmptyJSArrayWithAllocationSite(
- to_kind, type_info);
- } else {
- maybe_array = isolate->heap()->AllocateEmptyJSArray(to_kind);
- }
- if (!maybe_array->To(&array)) return maybe_array;
+ Smi* smi = Smi::cast(cell->value());
+ ElementsKind to_kind = static_cast<ElementsKind>(smi->value());
+ if (holey && !IsFastHoleyElementsKind(to_kind)) {
+ to_kind = GetHoleyElementsKind(to_kind);
+ // Update the allocation site info to reflect the advice alteration.
+ cell->set_value(Smi::FromInt(to_kind));
}
- }
-
- ElementsKind kind = GetInitialFastElementsKind();
- if (holey) {
- kind = GetHoleyElementsKind(kind);
- }
- if (array == NULL) {
- maybe_array = isolate->heap()->AllocateEmptyJSArray(kind);
+ maybe_array = isolate->heap()->AllocateJSObjectWithAllocationSite(
+ *constructor, type_info);
if (!maybe_array->To(&array)) return maybe_array;
+ } else {
+ ElementsKind kind = GetInitialFastElementsKind();
+ ASSERT(constructor->initial_map()->elements_kind() == kind);
Toon Verwaest 2013/05/07 11:02:06 It seems more resilient to just use the initial ma
mvstanton 2013/05/07 12:40:50 Done.
+ maybe_array = isolate->heap()->AllocateJSObject(*constructor);
+ if (!maybe_array->To(&array)) return maybe_array;
+ // We might need to transition to holey
+ if (holey) {
+ kind = GetHoleyElementsKind(kind);
+ maybe_array = array->TransitionElementsKind(kind);
+ if (maybe_array->IsFailure()) return maybe_array;
+ }
}
+ maybe_array = isolate->heap()->AllocateJSArrayStorage(array, 0, 0,
+ DONT_INITIALIZE_ARRAY_ELEMENTS);
+ if (maybe_array->IsFailure()) return maybe_array;
maybe_array = ArrayConstructInitializeElements(array, caller_args);
if (maybe_array->IsFailure()) return maybe_array;
return array;
« no previous file with comments | « src/arm/code-stubs-arm.cc ('k') | src/code-stubs.h » ('j') | src/code-stubs-hydrogen.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698